Enabling HTTPBoot plugin for Foreman 1.20

provisioning
uefi

#1

UEFI clients are capable of booting from HTTP or HTTPS if they are given a valid URL via the DHCP filename option. Publishing the required files is achieved with a module which will publish the tftp directory via HTTP and HTTPS on the /EFI endpoint for HTTP BOOT UEFI and on /httpboot for generic HTTP boot (iPXE), with the same content. Because we lack installer support for this feature for now, a few steps are needed to configure Foreman so that it serves boot files over HTTP:

  1. Enable HTTPBoot plugin: in /etc/foreman-proxy/settings.d/httpboot.yml set :enabled: true
  2. Restart services, so config change will take effect:
    # foreman-maintain service restart
  3. In webUI refresh integrated capsules features with Infrastructure -> Capsules -> <foreman’s capsule> -> Refresh features and make sure “HTTPBoot” is now listed in “Active features” there
  4. Assign this HTTPBoot capsule to the subnet(s): Infrastructure -> Subnets -> -> Capsules and select the capsule and press “Submit”
  5. Now when creating a host, on “Operating system” tab set “PXE Loader” to “Grub2 UEFI HTTP”

This will cause the UEFI firmware on the provisioned machine to download the following loader according to the settings (assuming that smart-proxy is registered to foreman via standard port 8443 or 9090 for katello setup):

  • Smart Proxy HTTPBoot feature set in a Subnet + Grub2 UEFI HTTP: http://<httpboot_proxy>:8443/httpboot/grub2/grubx64.efi. (*)
  • Smart Proxy HTTPBoot feature set in a Subnet + Grub2 UEFI HTTPS: https://<httpboot_proxy>:8443/httpboot/grub2/grubx64.efi.
  • Smart Proxy HTTPBoot feature not set in a Subnet + Grub2 UEFI HTTP: http://<unattended_url>/httpboot/grub2/grubx64.efi.
  • Smart Proxy HTTPBoot feature not set in a Subnet + Grub2 UEFI HTTPS: https://<unattended_url>/httpboot/grub2/grubx64.efi. (*)

(*) - these combinations will not work since protocol and port will not match. As you can see, this still needs more love. The PXE Loader code needs to be extended to recognize which HTTP and HTTPS ports are used for a given capsule and set that appropriately.

The grubx64.efi file is being served from the well-known /var/lib/tftpboot/... directory.
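
Added example, not part of the original post and not Foreman's own code: a bash preflight for the steps above that checks the `:enabled: true` setting, the presence of the loader, and the scheme/port mismatch marked (*). All function names are hypothetical, the HTTP and HTTPS ports are supplied by the caller, and the mapping of /httpboot/grub2/grubx64.efi to `<tftp_root>/grub2/grubx64.efi` is an assumption drawn from the URL path.

```bash
# Added example: preflight checks for the HTTPBoot steps in post #1.
# All function names are hypothetical; paths and ports are passed in.

# Step 1: true if the settings file has an uncommented ':enabled: true'.
httpboot_enabled() {
    grep -Eq '^[[:space:]]*:enabled:[[:space:]]*true[[:space:]]*$' "$1"
}

# True if the loader exists and is non-empty under the TFTP root.
# Assumption: /httpboot/grub2/grubx64.efi maps to <tftp_root>/grub2/grubx64.efi.
loader_present() {
    [ -s "$1/grub2/grubx64.efi" ]
}

# The (*) case: returns 0 if the URL scheme matches the port it points at,
# 1 on a mismatch, 2 if the URL has no explicit port or an unknown scheme.
url_scheme_ok() {
    local url="$1" http_port="$2" https_port="$3"
    local scheme="${url%%://*}" rest="${url#*://}"
    local authority="${rest%%/*}"
    local port="${authority##*:}"
    [ "$port" != "$authority" ] || return 2
    case "$scheme" in
        http)  [ "$port" = "$http_port" ] ;;
        https) [ "$port" = "$https_port" ] ;;
        *)     return 2 ;;
    esac
}

# Run all three checks; report each failure and return 0 only if all pass.
# Usage: preflight SETTINGS_FILE TFTP_ROOT LOADER_URL HTTP_PORT HTTPS_PORT
preflight() {
    local rc=0
    httpboot_enabled "$1" || { echo "HTTPBoot not enabled in $1" >&2; rc=1; }
    loader_present "$2" || { echo "no grub2/grubx64.efi under $2" >&2; rc=1; }
    url_scheme_ok "$3" "$4" "$5" || { echo "scheme/port problem: $3" >&2; rc=1; }
    return "$rc"
}
```

After sourcing the file on the proxy host, call `preflight` with the settings file from step 1, the TFTP root, the loader URL the host would be given, and the proxy's HTTP and HTTPS ports.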


#2

To fix this oversight I’ve created a PR. I’d welcome feedback. If this works in nightly I’d be happy to backport this to 1.21.1 and 1.20.3.


#3

Thanks, I’ve converted the OP to wiki and made some changes. I realized that some combinations will not work with the current codebase and we need to do some changes unfortunately. With some bit of attention tho, HTTPBoot feature is usable.